TiglathIII wrote on June 03, 2019:
When you are updating an image to be downloaded to your Amazon FreeRTOS device, you are guided to create an S3 bucket to put your image in and led through the process of creating an OTA update role. Part of this role is to grant permissions to GetObject, PutObject and GetObjectVersion to your bucket.
If you already have a bucket that you are using for other purposes, then you might be tempted to create a folder, firmware say, to put your updated images in. It would be reasonable, therefore, to grant the above permissions to this folder. Unfortunately, this might fail for two reasons:
- The bucket MUST have versioning switched on; otherwise you get a spurious message saying that your S3 bucket is invalid when creating the OTA update job.
- If you are code signing your images (recommended), then the code-signed image will be placed into a folder called /SignedImages under your bucket root. If you have granted permissions to the /firmware folder, then you won’t have any permission to put objects into the /SignedImages folder. To get around this you could grant permissions to the bucket root itself, without any specified folder. This is not recommended if you are using a bucket with other folders, as this grants too much permission. The better approach is to grant the same permissions that you gave to the /firmware folder also to the /SignedImages folder.
None of the above is made clear in the OTA tutorial. I hope this helps to avoid much hair pulling from people like me, new to IoT and Amazon FreeRTOS.
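
The folder-scoped grant described in the post, as an added example that is not part of the original post or of the AWS tutorial: it builds a role policy limited to the two folders and audits a policy document for the two failure modes mentioned (no grant on /SignedImages, or a grant on the whole bucket). The bucket name `example-bucket`, the probe object keys and the function names are assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

# Actions the post says the OTA update role needs on the bucket.
OTA_ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:GetObjectVersion"]
# Folders named in the post: the upload folder and the code-signing output folder.
OTA_PREFIXES = ["firmware", "SignedImages"]


def scoped_policy(bucket, prefixes=OTA_PREFIXES):
    """Policy document granting the OTA actions only under the given folders."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": OTA_ACTIONS,
            "Resource": [f"arn:aws:s3:::{bucket}/{p}/*" for p in prefixes],
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit(policy, bucket, prefixes=OTA_PREFIXES):
    """Return (missing, too_broad): OTA actions not granted per folder, and
    whether any OTA action is also granted on a key outside those folders.
    Simplified: Allow statements only, fnmatch-style wildcards, case-sensitive."""
    probes = {p: f"arn:aws:s3:::{bucket}/{p}/image.bin" for p in prefixes}
    outside = f"arn:aws:s3:::{bucket}/other-data/file.txt"  # constructed key
    granted = {p: set() for p in prefixes}
    too_broad = False
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        patterns = _as_list(stmt["Action"])
        allowed = {a for a in OTA_ACTIONS if any(fnmatchcase(a, p) for p in patterns)}
        for resource in _as_list(stmt["Resource"]):
            for prefix, arn in probes.items():
                if fnmatchcase(arn, resource):
                    granted[prefix] |= allowed
            too_broad = too_broad or (bool(allowed) and fnmatchcase(outside, resource))
    missing = {p: sorted(set(OTA_ACTIONS) - g) for p, g in granted.items()
               if set(OTA_ACTIONS) - g}
    return missing, too_broad


if __name__ == "__main__":
    print(json.dumps(scoped_policy("example-bucket"), indent=2))
```

Bucket versioning is a setting on the bucket rather than part of the role policy, so this audit does not cover the first point in the post.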